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Abstract. Tele-democracy is becoming increasingly important for local 
authorities in Europe. The EURO-CITI project aims to specify, develop and 
evaluate an integrated platform for two tele-democracy services, namely tele- 
voting for opinion poll petitions and tele-consulting. The technical develop- 
ments are divided into those for operators at local authorities and those for citi- 
zens. The platform empowers operators at local authorities to initiate a call-for- 
vote on a local problem, to dynamically set-up secure networks of cities and 
initiate a call-for-vote on common problems, to monitor voting results and ex- 
tract statistical information, etc. Regarding security and privacy, authentica- 
tion/authorization solutions are proposed and a Public Key Infrastructure is 
specified. The trial sites for the EURO-CITI platform are three European cities, 
namely Athens, Barcelona and London Borough of Brent. 



1 Introduction 

Electronic government and tele-democracy are high in the agenda of the European 
Commission [1][2]. The benefits of both e-government and tele-democracy are now 
well understood by local authorities worldwide that launch relevant initiatives [3] [4]. 

In the case of tele -voting for realizing opinion polls petitions, the application of 
technology provides some straightforward advantages (such as increased convenience 
and accessibility and reduced costs) but also a historic opportunity to re-establish 
some form of direct democracy. The concept of direct democracy suggests that all 
citizens decide via voting on their problems. This concept was abandoned as local 
communities were growing in size. 

The aim of this paper is to present an integrated tele-democracy platform for tele- 
voting and tele -consulting services within and across cities. The technical infrastruc- 
ture is deployed in Athens, Barcelona and London and will enable the respective 
Local Authorities (LAs) to conduct "intra-city" or "local" as well as "inter-city" or 
"network" tele-voting and tele-consultations. This platform has been developed 
within EURO-CITI [5] [6], a research project partially funded by the European Com- 
mission under the 1ST programme [7]. 

This paper is organized as follows. In section 2, a general overview of the EURO- 
CITI architecture and respective tele-democracy services is given. In section 3, the 
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characteristics of the services are outlined while in section 4 technical details are 
presented. In section 5 the approach to security/privacy issues is outlined. Finally, in 
section 6 the conclusions and future work are given. 



2 The EURO-C1TI Platform: Architecture and Services 

The main objective of EURO-CITI is to exploit the potential of on-line democracy by 
developing and demonstrating new transaction services, namely tele-voting for real- 
izing opinion poll petitions and tele-consulting. The development of these services 
calls for a common underlying architecture to facilitate their implementation and fully 
exploit their potential. In this section, the EURO-CITI technical architecture is pre- 
sented and the EURO-CITI services are outlined. 



2.1 EURO-CITI Architecture 



The EURO-CITI architecture consists of a number of platforms (one per city) that 
communicate over the Internet. This architecture is depicted in figure 1 in the case of 
three cities, namely Athens, Barcelona and London Borough of Brent. 



Euro-Citi general Architecture 
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Fig. 1. KURO-CITI Architecture 



The main components of the platform in each city are: 

• The EURO-CITI (EC) Server where all applications for the operators and citizens 
reside. 

• The EURO-CITI Security Manager (ESM) that is responsible for secure communi- 
cations between platforms and authentication. 

• The Lightweight Directory Access Protocol ( LDAP) where all citizens and opera- 
tors general information reside. 

• The DataBase ( DB) where all applications data reside. 
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Each local authority hosts one server. Those servers run the EURO-CITI services and 
are connected to sub-systems such as applications databases and LDAP repositories. 
EURO-CITI servers are able to communicate with each other thanks to the ESM 
component. Security requirements are fulfilled in order to provide citizens with trust- 
worthy and secure services. 

2.2 EURO-CITI Tele-voting 

The EURO-CITI tele-voting application consists of two different tools: 

• The Tele-voting Administrative Tool allows operators to initiate a call-for-vote, to 
invite other cities in a common call-for-vote, to determine the eligible voters, to 
initiate a call-for-vote in different languages etc. 

• The Tele-voting Service allows citizens to vote, to request a call-for-vote, to extract 
statistics (if allowed by the operator), to switch between different languages etc. 

• The EURO-CITI Tele -Voting service will be used for opinion poll petitions. In that 
context, three tele-voting scenarios have been identified by the participating local 
authorities as particularly important: 

• "Local Voting". In this case, a voting issue is posted in one EURO-CITI server and 
eligible voters are citizens who are registered in that server. 

• "Local Voting with European Scope". In this case, a voting issue is posted in one 
EURO-CITI server (termed initiator). Here, eligible voters consist of citizens who 
are registered in the initiator as well as citizens from other cities. These cities how- 
ever must have been invited by the initiator and accepted that invitation. 

• "Network Voting". In this case, a voting issue is proposed by one EURO-CITI 
server (termed initiator) and is posted in all servers (i.e. cities) that have accepted 
to participate in that voting. Here, eligible voters for each server are the citizens 
who are registered in that server. 

2.3 EURO-CITI Tele-consulting 

The Tele-Consulting module offers two types of services, Tele-Consultation and e- 
Forum. Each service is composed of two different tools: 

• Tele-consultation 

o The Tele-Consulting Administrative Tool allows the operators to set up con- 
sultation campaigns. 

o The Tele-Consultation Service allows citizens to participate in consultation 
campaigns. 

• e-Forums 

o The e-Forums Administrative Tool allows the operators to create new forums, 
to create new categories and to track the opinion given by the citizen in the dif- 
ferent forums. 

o The e-Forum Service allows citizens to participate in the available forums by 
expressing their opinion or commenting on the opinion of other citizens. 

In Tele-Consultation both "Local consultation" and "Local consultation with Euro- 
pean Scope" scenarios are supported, where these scenarios have the same scope as in 
Tele-Voting. However, in e-Forums only "Local" scenarios are supported. 
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3 Characteristics 

The main characteristics of the EURO-CITI integrated platform are: 

• Intuitive, easy-to-use graphical interface for operators and citizens. 

• Access from multiple devices for citizens. 

• Authentication using multiple methods (login/password, smart cards, digital cer- 
tificates). 

• Security at the system level but also at the application level (in the case of tele- 
voting service). 

• Ability to dynamically set up virtual private networks between cities in order to 
perform a common voting or consultation. 

• Multilingual versions available for the operators to choose during installation. 

• Multilingual content (e.g. postings) by operators are supported. 

• Multilingual interface and content is available to citizens at any time. 

• Archiving and auditing facilities are available to operators. 

• Support of open standards e.g. Java, XML, WAP. 
The specific characteristics of the tele-voting service are: 

• Operators may create a new voting issue by inserting voting subject, options, dura- 
tion, scope, category, keywords, URL for further information, multilingual infor- 
mation; by inviting other cities (in the case of network voting) and by determining 
eligible voters based on age, nationality and gender. 

• The service supports multiple open voting issues at any time. 

• Voting is secure and anonymous. No citizen is allowed to vote more than once for 
the same issue and no one is able to alter votes (democracy requirement). Also, 
citizens are able to verify their personal voting. 

• Citizens are notified about forthcoming polls. 

• Citizens are able to view the results of previous voting issues and the partial results 
of current voting issues (if the operator has enabled this option when creating the 
voting issue). 

• Citizens are able to suggest a voting issue. 

The specific characteristics of tele-consulting are similar with the relaxation of secu- 
rity constraints. 

4 Development 

The architecture used to develop the EURO-CITI platform is based on the J2EE stan- 
dard. As an example, in figure 2 the software architecture for tele-voting is depicted. 
This architecture caters for a number of requirements (e.g. communication between 
services over ESM, communication of services with the Database and LDAP, access 
from multiple devices, support of multiple authentication methods etc.) 
Each page of the resulting services is structured in three main parts (figure 3): 

1. Fixed part: it includes the page head and the rest of components of the static 
design. 

2. The menu. 

3. The page content. 
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Clients Application Layer Data Layer 




Fig. 2. Tele-voting Software Architecture 




Fig. 3. Interface 

5 EURO-CITI Security/Privacy Elements 

Citizens access the EURO-CITI services through personal computers (Home PCs, 
kiosks) or WAP devices [8] using the Internet or wireless networks respectively. 
Links between the EURO-CITI nodes are protected by the following protocols (fig- 
ure 4): 

• From WAP devices to WAP gateway: WTLS 

• From WAP gateway to EC servers: SSL 

• From PC devices to EC servers: SSL 

• From EC server to EC server: IPSec 

Servers of different cities communicate with each other in the context of network 
services. A network service is launched by one city and is accessible from citizens of 
other cities. The participating cities can send their results to the city that has launched 
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the service. In this context, citizens registered in a city and participating to a service 
of another city must be remotely authenticated. 

For instance, if a citizen registered in London accesses a secure service proposed 
by Athens, the Athens server will have to ask to the London server if the citizen is 
authorized to access the service or not. 



The Internet 



EC- Server 



IPSec connections 
SSL connections 
WTLS connections 




The Internet 



ft 



\ 11 , 



Home PC/Kiosk 

Citizen 



Fig. 4. 1TJRO-CT 1 1 Security 



With respect to authentication, two main methods are implemented: the login/pass- 
word paradigm and the certificate-based authentication. These two solutions are com- 
bined with the use of Smart Card to realize four authentication solutions: 

• Simple login/password: the citizen has to memorize his login/p ass word pair. Citi- 
zens must use these credentials discretely in order to avoid their use by another 
person. 

• Login/password with smart card: The smart card stores several login/password 
pairs. The citizen fills in the login/password window with a drag and drop applica- 
tion. The login/password pair can be provided to the citizen or stored in the smart 
card. Using the smart card is totally transparent for the EURO-CITI applications. 

• Certificates-based authentication: certificates provide strong authentication with 
the use of complex cryptographic algorithms. 

• Certificate with smart card: This is the strongest authentication method imple- 
mented. This authentication scheme is a two-levels authentication method. The use 
of the citizen's private key is protected by the card PIN code and it is never ex- 
ported out from the smart card, thus enhancing a high security level. 

In case a citizen owns a digital certificate, this certificate is stored either in a smart 
card or in the citizen's hard disk. 
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5.1 Public Key Infrastructure 

The EURO-CITI architecture includes a Public Key Infrastructure (PKI) that manages 
digital certificates for citizens and web servers. A private PKI solution has been se- 
lected for managing citizen certificates while a public PKI solution handles EURO- 
CITI server certificates. 

The EURO-CITI infrastructure includes all the key components of the following 
architectures: 

The Certification Authority (CA) delivers, revokes, and renews the certificates. It 
implements the security policies that define the certificate content depending on both 
the certificate users and the future usages of certificates. The CA also archives certifi- 
cates and private encryption keys (not implemented in EURO-CITI since data en- 
cryption is not required). The CA publishes the certificates and the Certificate 
Revocation List (CRL) in the directory. The CRL is the list of all the certificates that 
have been revoked. 

The Registration Authority (RA) handles tasks on behalf of the CA. This mainly 
includes certificate applications, validation of certificate application, request of cer- 
tificate suspension / revocation / renewal. In some cases, Local Registration Authori- 
ties can assist the RA in its task. These people handle locally the RA processes. 

The Directory is a repository used to publish the EURO-CITI entities identities, like 
their name, first name, address, etc. The CA also uses the directory to publish certifi- 
cates and CRLs. The EURO-CITI directory supports the LDAP protocol. 



6 Conclusions and Future Work 

The EURO-CITI platform equips local authorities with the necessary technical infra- 
structure in order to provide two important tele-democracy services: tele-voting for 
realizing opinion poll petitions and tele-consultations. 

The trial sites for the evaluation of the EURO-CITI platform include three Euro- 
pean cities, namely Athens, Barcelona and London Borough of Brent. For the evalua- 
tion, one hundred citizens of each city will be provided by smart cards while a 
significantly larger number will be provided by login/password credentials. The 
evaluation will include intra-city scenarios where, for example, citizens from one city 
will be able to vote on local issues. The evaluation will also include inter-city scenar- 
ios. In these scenarios, the operators at a city will propose a common call-for-vote and 
will invite other cities to join them. Upon acceptance, virtual private networks will be 
dynamically created and common votes will be possible for citizens across all partici- 
pating cities. 
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